This skill handles real-time bidirectional communication over WebSockets, with a heavy security focus on preventing Cross-Site WebSocket Hijacking (CSWSH). It covers `Origin` header validation against explicit allowlists, token-based authentication (not cookies), and per-message authorization checks. You get TDD workflows that test security boundaries first, plus performance patterns for connection pooling, message batching, and backpressure handling. The documentation is thorough on the attack surface, with concrete examples of validating origins, authenticating connections, and rate limiting. Useful if you're building anything with persistent WebSocket connections and need to avoid the common mistakes that lead to session hijacking or resource exhaustion.
npx skills add https://github.com/martinholovsky/claude-skills-generator --skill websocket